Tuesday, March 10, 2015

Drip, Drip, Drip

RESEARCHERS WORKING with the Central Intelligence Agency have conducted a multi-year, sustained effort to break the security of Apple’s iPhones and iPads, according to top-secret documents obtained by The Intercept.

The security researchers presented their latest tactics and achievements at a secret annual gathering, called the “Jamboree,” where attendees discussed strategies for exploiting security flaws in household and commercial electronics..

[...]

Perhaps more than any other corporate leader, Apple’s CEO, Tim Cook, has taken a stand for privacy as a core value, while sharply criticizing the actions of U.S. law enforcement and intelligence agencies.

[...]

The researchers listed a variety of actions their “whacked” Xcode could perform, including:

— “Entice” all Mac applications to create a “remote backdoor” allowing undetected access to an Apple computer.

— Secretly embed an app developer’s private key into all iOS applications. (This could potentially allow spies to impersonate the targeted developer.)

— “Force all iOS applications” to send data from an iPhone or iPad back to a U.S. intelligence “listening post.”

— Disable core security features on Apple devices.

[...]

“Every other manufacturer looks to Apple. If the CIA can undermine Apple’s systems, it’s likely they’ll be able to deploy the same capabilities against everyone else,” says Green, the Johns Hopkins cryptographer. “Apple led the way with secure coprocessors in phones, with fingerprint sensors, with encrypted messages. If you can attack Apple, then you can probably attack anyone.”

[...]

“If I were Tim Cook, I’d be furious,” says the ACLU’s Soghoian. “If Apple is mad at the intelligence community, and they should be, they should put their lawyers to work. Lawsuits speak louder than words.”

  Jeremy Scahill
That’s what Wikipedia says.
The CIA declined to comment for this story.
A U.S. intelligence official told CNBC Tuesday that American spies need to develop ways to get covert access to mobile devices.

"That's what we do," the official said. "CIA collects information overseas, and this is focused on our adversaries, whether they be terrorists or other adversaries."

The official insisted the effort was not focused on intellectual property of Apple or any other tech company, but instead on gaining access to information of intelligence value that adversaries may have stored on their mobile devices.

"This isn't just about Apple or Microsoft," the official said. "There's a whole world of devices out there, and that's what we're going to do," the official said. "It is what it is."

  CNBC

No comments: